Be an early applicantLess than 25 applicants

Company

Plus Power · 3 days ago

Principal Cybersecurity Engineer - Battery Storage

San Francisco, CA

Full-time

Remote

Lead/Staff

8+ years exp

Maximize your interview chances

BatteryEnergy

H1B Sponsor Likely

Insider Connection @Plus Power

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Work day-to-day with a broad set of stakeholders and contributors to drive Plus Power's cybersecurity program and activities aligning with the company's compliance and security postures

Promote secure by design and secure by default strategies

Baseline, monitor, identify, and assess security vulnerabilities and risks in applications and infrastructure across operational technology (OT), information technology (IT), data science, and data engineering environments

Own and drive the resolution of different security events, control gaps, policy questions, and technical security risks

Contribute to building repeatable/reusable/systematic security processes and frameworks to identify potential security events, quantifying and documenting their feasibility, and enumerating the potential blast radius for the organization

Manage the company's Compliance & Security Posture Management (CSPM) Platforms, and advance the enterprise's efforts to obtain cybersecurity framework certifications that align with compliance posture along with attestations to reassure internal stakeholders and external customers of our cybersecurity posture, including:

Provide project management for the implementation of security controls while operating cross-functionally

Conduct automated evidence collection operations to guarantee the longevity and uniformity of our controls

Assist with identification and mitigation of cybersecurity risks including compliance concerns (SOX, ISO, NERC-CIP, NIST CSF 2.0)

Develop, communicate, and assess the compliance stance of the framework in relation to internal and external policies

Build out and run a Third-Party Cyber Risk Management (TPRM) Program and mitigate systemic risk from security posture vendors and end-to-end software supply chain

Communicate and maintain cybersecurity and risk metrics for senior executives and leaders of various business units

Work with External Relations team on proposed cybersecurity legislation and regulations

Work with Legal and Compliance team to establish cybersecurity controls to facilitate compliance with applicable laws and regulations

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Cybersecurity principlesInfoSec managementAppSec managementSecOps managementAccess managementData privacy programsNetwork securityEmbedded/hardware securityCryptographyWeb protocolsThreat modelingPen testsVulnerability assessmentsScripting skillsPythonRustCISSP certificationCISM certificationCRISC certificationCISA certificationGIAC certificationEC-Council certificationKPI implementationEmail SecurityDLPCSPMZTNAEDR/XDRSOC2ISO27001

Required

8+ years of experience in identifying security issues and developing mitigation plans

Bachelor's or Master's degree in Information Systems, Computer Science, Software Engineering, or a closely related field

Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, secure bill of materials, threat modeling, pen tests, or vulnerability assessments

Demonstrated use of scripting/software development skills (e.g., Python, Rust) to automate processes

Experience in successfully implementing KPIs and metrics for security and risk management

Proficient in overseeing the execution of audits, certification programs, and control assessments, encompassing responsibilities such as scope planning, delineating control procedures in accordance with established policies, standards, and requirements, conducting control testing, associating issues with risks, and disseminating findings

Experience with SOC2 ISO27001, and/or NIST security frameworks, controls, tests, and auditing and associated requirements, in addition to familiarity with SOX-regulated environments

Excellent written and verbal communication skills to communicate effectively at all levels

Ability to work in a fast-paced environment while managing multiple priorities

Ability to operate as a team and/or independently while demonstrating flexibility to changing requirements

Demonstrated ability to work well in a cross-functional environment with both technical and non-technical team members

Ability to effectively use Microsoft Office products – Word, Excel, Power Point, Outlook

Preferred

Certifications in Security: CISSP, CISM, CRISC, CISA, GIAC, and EC-Council desired

Knowledge of fundamental security Email Security, DLP, CSPM, ZTNA, EDR/XDR, and additional security technologies preferred

Knowledge of operational technologies preferred

Benefits

Unlimited vacation

Flexible remote work

Educational assistance

Parental leave

Highly engaging company culture with opportunities for in-person connection and learning and growth

Company

Plus Power

Plus Power specializes in creating battery energy storage systems that enhance the efficiency and reliability of the electrical grid.

Founded in 2018

Houston, Texas, USA

51-200 employees

https://www.pluspower.com

H1B Sponsorship

Plus Power has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2023 (3)

2022 (3)

2021 (5)

2020 (3)